mirror of
https://github.com/neovim/neovim.git
synced 2026-05-29 16:25:35 +00:00
fix(trust): always use "/" slashes in filepaths #39355
Problem: We should not use "\" (backslashes) except where absolutely required. See references in https://github.com/neovim/neovim/pull/37729 Solution: There is no reason to use "\" slashes in the trust db, so don't.
This commit is contained in:
Justin M. Keyes
@@ -17,13 +17,6 @@ local matches = t.matches
|
||||
local read_file = t.read_file
|
||||
|
||||
describe('vim.secure', function()
|
||||
--- Joins path components using the OS-native separator.
|
||||
--- Unlike vim.fs.joinpath (which normalizes to "/"), this preserves "\" on Windows
|
||||
--- to match paths stored in the trust database.
|
||||
local function osjoin(...)
|
||||
return (table.concat({ ... }, n.get_pathsep()))
|
||||
end
|
||||
|
||||
local function assert_trust_entry(expected)
|
||||
local trust = assert(read_file(vim.fs.joinpath(stdpath('state'), 'trust')))
|
||||
eq(expected, vim.trim(trust))
|
||||
@@ -67,7 +60,7 @@ describe('vim.secure', function()
|
||||
|
||||
local cwd = fn.getcwd()
|
||||
local msg = 'exrc: Found untrusted code. To enable it, choose (v)iew then run `:trust`:'
|
||||
local path = osjoin(cwd, 'Xfile')
|
||||
local path = vim.fs.joinpath(cwd, 'Xfile')
|
||||
|
||||
-- Need to use feed_command instead of exec_lua because of the confirmation prompt
|
||||
feed_command([[lua vim.secure.read('Xfile')]])
|
||||
@@ -87,7 +80,7 @@ describe('vim.secure', function()
|
||||
{MATCH: +}|
|
||||
]])
|
||||
|
||||
assert_trust_entry(('! %s'):format(osjoin(cwd, 'Xfile')))
|
||||
assert_trust_entry(('! %s'):format(vim.fs.joinpath(cwd, 'Xfile')))
|
||||
eq(vim.NIL, exec_lua([[return vim.secure.read('Xfile')]]))
|
||||
|
||||
os.remove(vim.fs.joinpath(stdpath('state'), 'trust'))
|
||||
@@ -107,17 +100,17 @@ describe('vim.secure', function()
|
||||
screen:expect([[
|
||||
^let g:foobar = 42{MATCH: +}|
|
||||
{1:~{MATCH: +}}|*2
|
||||
{2:]] .. osjoin(fn.fnamemodify(cwd, ':~'), 'Xfile') .. [[ [RO]{MATCH: +}}|
|
||||
{2:]] .. vim.fs.joinpath(fn.fnamemodify(cwd, ':~'), 'Xfile') .. [[ [RO]{MATCH: +}}|
|
||||
{MATCH: +}|
|
||||
{1:~{MATCH: +}}|
|
||||
{4:[No Name]{MATCH: +}}|
|
||||
Allowed in trust database: "]] .. osjoin(cwd, 'Xfile') .. [["{MATCH: +}|
|
||||
Allowed in trust database: "]] .. vim.fs.joinpath(cwd, 'Xfile') .. [["{MATCH: +}|
|
||||
]])
|
||||
-- close the split for the next test below.
|
||||
feed(':q<CR>')
|
||||
|
||||
local hash = fn.sha256(assert(read_file('Xfile')))
|
||||
assert_trust_entry(('%s %s'):format(hash, osjoin(cwd, 'Xfile')))
|
||||
assert_trust_entry(('%s %s'):format(hash, vim.fs.joinpath(cwd, 'Xfile')))
|
||||
eq('let g:foobar = 42\n', exec_lua([[return vim.secure.read('Xfile')]]))
|
||||
|
||||
os.remove(vim.fs.joinpath(stdpath('state'), 'trust'))
|
||||
@@ -156,7 +149,7 @@ describe('vim.secure', function()
|
||||
screen:expect([[
|
||||
^let g:foobar = 42{MATCH: +}|
|
||||
{1:~{MATCH: +}}|*2
|
||||
{2:]] .. osjoin(fn.fnamemodify(cwd, ':~'), 'Xfile') .. [[ [RO]{MATCH: +}}|
|
||||
{2:]] .. vim.fs.joinpath(fn.fnamemodify(cwd, ':~'), 'Xfile') .. [[ [RO]{MATCH: +}}|
|
||||
{MATCH: +}|
|
||||
{1:~{MATCH: +}}|
|
||||
{4:[No Name]{MATCH: +}}|
|
||||
@@ -182,7 +175,7 @@ describe('vim.secure', function()
|
||||
local cwd = fn.getcwd()
|
||||
local msg =
|
||||
'exrc: Found untrusted code. DIRECTORY trust is decided only by name, not contents:'
|
||||
local path = osjoin(cwd, 'Xdir')
|
||||
local path = vim.fs.joinpath(cwd, 'Xdir')
|
||||
|
||||
-- Need to use feed_command instead of exec_lua because of the confirmation prompt
|
||||
feed_command([[lua vim.secure.read('Xdir')]])
|
||||
@@ -202,7 +195,7 @@ describe('vim.secure', function()
|
||||
{MATCH: +}|
|
||||
]])
|
||||
|
||||
assert_trust_entry(('! %s'):format(osjoin(cwd, 'Xdir')))
|
||||
assert_trust_entry(('! %s'):format(vim.fs.joinpath(cwd, 'Xdir')))
|
||||
eq(vim.NIL, exec_lua([[return vim.secure.read('Xdir')]]))
|
||||
|
||||
os.remove(vim.fs.joinpath(stdpath('state'), 'trust'))
|
||||
@@ -226,7 +219,7 @@ describe('vim.secure', function()
|
||||
|
||||
-- Directories aren't hashed in the trust database, instead a slug ("directory") is stored
|
||||
-- instead.
|
||||
assert_trust_entry(('directory %s'):format(osjoin(cwd, 'Xdir')))
|
||||
assert_trust_entry(('directory %s'):format(vim.fs.joinpath(cwd, 'Xdir')))
|
||||
eq(true, exec_lua([[return vim.secure.read('Xdir')]]))
|
||||
|
||||
os.remove(vim.fs.joinpath(stdpath('state'), 'trust'))
|
||||
@@ -265,7 +258,7 @@ describe('vim.secure', function()
|
||||
screen:expect([[
|
||||
^{MATCH: +}|
|
||||
{1:~{MATCH: +}}|*2
|
||||
{2:]] .. osjoin(fn.fnamemodify(cwd, ':~'), 'Xdir') .. [[ [RO]{MATCH: +}}|
|
||||
{2:]] .. vim.fs.joinpath(fn.fnamemodify(cwd, ':~'), 'Xdir') .. [[ [RO]{MATCH: +}}|
|
||||
{MATCH: +}|
|
||||
{1:~{MATCH: +}}|
|
||||
{4:[No Name]{MATCH: +}}|
|
||||
@@ -318,7 +311,7 @@ describe('vim.secure', function()
|
||||
it('trust then deny then remove a file using bufnr', function()
|
||||
local cwd = fn.getcwd()
|
||||
local hash = fn.sha256(assert(read_file(test_file)))
|
||||
local full_path = osjoin(cwd, test_file)
|
||||
local full_path = vim.fs.joinpath(cwd, test_file)
|
||||
|
||||
command('edit ' .. test_file)
|
||||
eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
|
||||
@@ -334,7 +327,7 @@ describe('vim.secure', function()
|
||||
it('trust an empty file using bufnr', function()
|
||||
local cwd = fn.getcwd()
|
||||
local hash = fn.sha256(assert(read_file(empty_file)))
|
||||
local full_path = osjoin(cwd, empty_file)
|
||||
local full_path = vim.fs.joinpath(cwd, empty_file)
|
||||
|
||||
command('edit ' .. empty_file)
|
||||
eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
|
||||
@@ -344,7 +337,7 @@ describe('vim.secure', function()
|
||||
it('deny then trust then remove a file using bufnr', function()
|
||||
local cwd = fn.getcwd()
|
||||
local hash = fn.sha256(assert(read_file(test_file)))
|
||||
local full_path = osjoin(cwd, test_file)
|
||||
local full_path = vim.fs.joinpath(cwd, test_file)
|
||||
|
||||
command('edit ' .. test_file)
|
||||
eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
|
||||
@@ -360,7 +353,7 @@ describe('vim.secure', function()
|
||||
it('trust using bufnr then deny then remove a file using path', function()
|
||||
local cwd = fn.getcwd()
|
||||
local hash = fn.sha256(assert(read_file(test_file)))
|
||||
local full_path = osjoin(cwd, test_file)
|
||||
local full_path = vim.fs.joinpath(cwd, test_file)
|
||||
|
||||
command('edit ' .. test_file)
|
||||
eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
|
||||
@@ -382,7 +375,7 @@ describe('vim.secure', function()
|
||||
it('trust then deny then remove a file using path', function()
|
||||
local cwd = fn.getcwd()
|
||||
local hash = fn.sha256(assert(read_file(test_file)))
|
||||
local full_path = osjoin(cwd, test_file)
|
||||
local full_path = vim.fs.joinpath(cwd, test_file)
|
||||
|
||||
eq(
|
||||
{ true, full_path },
|
||||
@@ -406,7 +399,7 @@ describe('vim.secure', function()
|
||||
it('deny then trust then remove a file using bufnr', function()
|
||||
local cwd = fn.getcwd()
|
||||
local hash = fn.sha256(assert(read_file(test_file)))
|
||||
local full_path = osjoin(cwd, test_file)
|
||||
local full_path = vim.fs.joinpath(cwd, test_file)
|
||||
|
||||
command('edit ' .. test_file)
|
||||
eq(
|
||||
@@ -435,7 +428,7 @@ describe('vim.secure', function()
|
||||
|
||||
it('trust then deny then remove a directory using bufnr', function()
|
||||
local cwd = fn.getcwd()
|
||||
local full_path = osjoin(cwd, test_dir)
|
||||
local full_path = vim.fs.joinpath(cwd, test_dir)
|
||||
command('edit ' .. test_dir)
|
||||
|
||||
eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
|
||||
|
||||
Reference in New Issue
Block a user